What’s really the key to detecting a breach before its become much too late? We’ll share some key insights, plus a technical breakdown of China’s great cannon & the new New French Surveillance Law that should be a warning to us all.

Plus a great round up, fantastic questions, our answers & much, much more!

Thanks to:

• Get Paid to Write for DigitalOcean

Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

— Show Notes: —

Security analytics: The key for breach detection

• “Although security spending is at an all-time high, security breaches at major organizations are also at an all-time high, according to Gartner, Inc. The impact of advanced attacks has reached boardroom-level attention, and this heightened attention to security has freed up funds for many organizations to better their odds against such attacks.”
• “Breach detection is top of mind for security buyers and the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level,” said Eric Ahlm, research director at Gartner. “Security analytics platforms endeavor to bring situational awareness to security events by gathering and analyzing a broader set of data, such that the events that pose the greatest harm to an organization are found and prioritized with greater accuracy.”
• The approach that seems to be in favour at the moment is: security information and event management (SIEM)
• “While most SIEM products have the ability to collect, store and analyze security data, the meaning that can be pulled from a data store (such as the security data found in a SIEM) depends on how the data is reviewed. How well a SIEM product can perform automated analytics — compared with user queries and rules — has become an area of differentiation among SIEM providers.”
• “User behavior analytics (UBA) is another example of security analytics that is already gaining buyer attention. UBA allows user activity to be analyzed, much in the same way a fraud detection system would monitor a user’s credit cards for theft. UBA systems are effective at detecting meaningful security events, such as a compromised user account and rogue insiders. Although many UBA systems can analyze more data than just user profiles, such as devices and geo-locations, there is still an opportunity to enhance the analytics to include even more data points that can increase the accuracy of detecting a breach.”
• “As security analytics platforms grow in maturity and accuracy, a driving factor for their innovation is how much data can be brought into the analysis. Today, information about hosts, networks, users and external actors is the most common data brought into an analysis. However, the amount of context that can be brought into an analysis is truly boundless and presents an opportunity for owners of interesting data and the security providers looking to increase their effectiveness.”
• “Analytics systems, on average, tend to do better analyzing lean, or metadata-like, data stores that allow them to quickly, in almost real-time speed, produce interesting findings. The challenge to this approach is that major security events, such as breaches, don’t happen all at once. There may be an early indicator, followed hours later by a minor event, which in turn is followed days or months later by a data leakage event. When these three things are looked at as a single incident that just happens to span, say, three months, the overall priority of this incident made up of lesser events is now much higher, which is why “look backs” are a key concept for analytics systems.”
• “Ultimately, how actual human users interface with the outputs of large data analytics will greatly determine if the technology is adopted or deemed to produce useful information in a reasonable amount of time,” said Mr. Ahlm. “Like other disciplines that have leveraged large data analytics to discover new things or produce new outputs, visualization of that data will greatly affect adoption of the technology.”
• It will be interesting to see where the industry goes with these new concepts

China’s Great Cannon

• “This post describes our analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.”
• “On March 16, GreatFire.org observed that servers they had rented to make blocked websites accessible in China were being targeted by a Distributed Denial of Service (DDoS) attack. On March 26, two GitHub pages run by GreatFire.org also came under the same type of attack. Both attacks appear targeted at services designed to circumvent Chinese censorship. A report released by GreatFire.org fingered malicious Javascript returned by Baidu servers as the source of the attack. Baidu denied that their servers were compromised.”
• “Several previous technical reports have suggested that the Great Firewall of China orchestrated these attacks by injecting malicious Javascript into Baidu connections. This post describes our analysis of the attack, which we were able to observe until April 8, 2015.”
• “We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.” The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.”
• The report is broken down into a number of sections
• Section 2 locates and characterizes the Great Cannon as a separate system;
• Section 3 analyzes DDoS logs and characterizes the distribution of affected systems;
• Section 4 presents our attribution of the Great Cannon to the Government of China;
• Section 5 addresses the policy context and implications;
• Section 6 addresses the possibility of using the Great Cannon for targeted exploitation of individual users.
• I wonder what the next target of the Great Cannon of China will be

New French Surveillance Law

• “The new French Intelligence Bill has provoked concern among many of the country’s lawmakers, as well as international NGOs.”
• “According to French Human Rights Defender Jacques Toubon, the legislation contravenes the rulings of the European Court of Human Rights”
• “Despite boasting the support of France’s two major political parties, the Union for a Popular Movement (UMP) and the Socialist Party (PS), the Intelligence Bill has come in for some strong criticism in France, and it is now also beginning to raise eyebrows abroad.”
• “Many international NGOs, have condemned the vague and general nature of the bill. Designed to legalise certain surveillance practices, the bill would also broaden the powers of the security services, giving them the authority to ask private operators to follow and report on the activity of internet users. The debate over using terrorism as an excuse for internet surveillance is already raging in France, since Paris decided to “block” access to certain sites in the wake of the 7 January attacks.”
• “But the new bill goes even further. If adopted, it will allow investigators and government agents to intercept private emails and telephone conversations in the name of security, if they are directly linked to an investigation. Agents would be allowed to use new technologies wherever they deem necessary, including microphones, trackers and spy cameras. They would also be able to intercept conversations typed on a keyboard in real time. All these interceptions would be authorised by the Prime Minister, without the prior approval of a judge, and would be authorised after the fact by a new administrative authority, the National Commission for the Control of Intelligence Techniques (CNCTR).”
• “Seven companies, including web hosting and technology companies OVH, IDS, and Gandi have said in a letter to the French prime minister Manuel Valls that they will be pushed into de facto “exile” if the French government goes ahead with the “real-time capture of data” by its intelligence agencies.”
• Letter to French Prime Minister (in French)
• This has caused a very large backlash from the IT community
• Especially some of the large Internet and Server providers like Gandi, OVH, IDS, Ikoula and Lomaco who have threatened to leave France if the law passes
• OVH and Gandi threaten to move their operations, customers, tax revenue, and most importantly, 1000s of high tech jobs
• Hopefully this sends a clear warning to the US and other countries who are considering or proposing similar legislation, or who’s intelligence agencies have run amok
• “The companies argued that being required by the law to install “black boxes” on their networks will “destroy a major segment of the economy,” and if passed it will force them to “move our infrastructure, investments, and employees where our customers will want to work with us.” Citing a figure of 30-40 percent of foreign users, the companies say their customers come to them “because there is no Patriot Act in France,” France’s surveillance bill (“projet de loi relatif au renseignement”) allows the government’s law enforcement and intelligence agencies to immediately access live phone and cellular data for anyone suspected of being linked to terrorism. These phone records can be held for five years.”
• Tech firms threaten mass exodus from franch of new mass suveillance law
• Additional Coverage
• Hacker News

Feedback:

• hardening SSH? on your server and port forwarding email SPAM mail attack analysis….

• Chaining SSH connections | BSD Now

• Creating a snapshot in the middle of file being written.

• An Allan cameo

• FreeBSD Mastery: ZFS (in-progress draft) | Tilted Windmill Press

Some twitter comics:

• A population study of companies identifying the phenotype of a next generation
• An examination of strategic play versus action, concluding that action whilst important was not the key
• An examination of predictability, demonstrating that there was many knowable things which often failed to exploit
• Using weak signals to identify when ‘war’ (i.e. industrialisation) was likely to start in different tech fields
• Not one of my graphs but a neat profile from @DanHushon which make my top list

Second Set:

• Everything you need to know about Knowledge & Expertise
• The Enterprise IT Adoption cycle
• The Entire History of Cloud in one handy 2 x 2
• Build or use? Everything you need to know about Cloud in a handy 2×2
• The Entire history of product development in a handy table
• The future history of technology with helpful hints

Round Up:

• Cash register maker used same password – 166816 – non-stop since 1990
• When the security community eats its own — How the hype around intrusions and compromises can cause problems
• United Airlines prevents security analyst from boarding after tweet
• US Blocks Intel from selling Xeon chips to Chinese Supercomputer Project over concerns they are being used in nuclear tests
• Match.com uses HTTP only login page exposing millions of users’ passwords to those sniffing traffic
• Chinese hacker group going after air gapped computers
• Privilege Escalation via Docker
• US Arms Export restrictions cause Rapid7 to have to manually verify licenses for Metasploit for users outside of the US and Canada. All foreign governmental agencies are no longer allowed to be issued licenses.
• NASA asks to keep an unencrypted options in HTTP/2 because scientific data needs to be cachable
• Adversaries need credentials more than malware. Deny them by avoiding the sins of Windows credential administration

The post The French Disconnection | TechSNAP 211 first appeared on Jupiter Broadcasting.

Liam from Gaming on Linux joins us to discuss the Witcher 2 port fiasco, and why Linux’s reputation as a gaming platform could be on the line.

Plus a heated Manjaro discussion, your feedback, and a BIG announcement!

Thanks to:

Direct Download:

MP3 Audio | OGG Audio | Video | HD Video | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | Torrent Feed | WebM Torrent Feed

Show Notes:

FU:

• OpenShot Video Editor | Blog: May Development Update: Video + Interview + More!

• Manjaro Xfce

• About Arch, Manjaro, and Wi-Fi

• Question for the Virtual LUG

• GitHub does dotfiles – dotfiles.github.io

• Straw Poll: What’s your DE?

The Witcher 2 Drama:

Guest: Liam Dawe (upurtweet) on Twitter

Full time dad, owner of @gamingonlinux and writer for @linuxvoice !

• The Witcher 2 Just Made A Bunch Of Linux Gamers Very, Very Angry

eON is a middle ground idea between what WINE does, and a native port. It is tuned and customised to each game we port — we do not simply slap a Windows binary into it and ship the game. For example, we often customise the D3D9->GL code path in various ways to cater for the title. Shaders are often rewritten to native GLSL, etc.

• GamingOnLinux – Why We Shouldn\’t Accept Bad Linux Ports

_The problem is if we keep accepting ports at a sub-par quality then Linux will gain a reputation for having low quality games. Think about that big picture for a moment, seriously.

_

New Show: Tech Talk Today (Mon – Thur)

9am Pacific / 12pm Eastern / 7pm GMT

• A daily, low key tech talk show. Covering the entire industry.

• A rotating cast of friends will join me, sometimes I’ll be solo.

• A unique perspective and insights, from outside the valley bubble. Outside the grasp of Google or Apple influence. A perspective from the open source community considering the important topics of the day.

• The state of technology coverage has bothered me for a long time, and specifically as many LUP listeners know the coverage of the Linux and open source communities.

• The show will try and be a daily taste maker of interesting topics and discussion.

• The daily format will allow for a large range of topics, and active live participation via Mumble, etc for talk back.

• Could be a little on the risky side, very blunt and honest opinions. Calling it like we see it.

• Patreon funded, with some limited sponsor opportunities available.

• Willing to consider discounted community spots.

• The Patreon fund is basically a fund JB’s growth campaign, and you get a daily show as a thank you.

• The revenue raised via Tech Talk Today’s Patreon funding will finance studio upgrades from facilities, to equipment, and even living conditions.

• Long term plans include funding a road show, and other big things we could only pull off with a stable platform of funding for us to stand on.

• This is a grand experiment. I’ve wanted to do a daily show again for a while, but its also some of the hardest workout there. It’s a lifestyle. Can I keep it up? Can we fund future JB growth? I’m not sure, but I am damn excited to find out!

The post Fine Wine or Sour Ports | LINUX Unplugged 42 first appeared on Jupiter Broadcasting.

A big password leak from a major industry player, mobile security takes a big hit, we cover a couple of the major vulnerabilities affecting our favorite gadgets, and more Java troubles.

Plus moving from Apache to Nginx, and a big batch of your questions.

All that and so much more, on this week’s TechSNAP!

Thanks to:

Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

BONOUS ROUND PROMO:

Get your .COMs just $5.99 per year up to 3 domains! Additional .COMs just $7.99 per year!
CODE: 599tech

Expires 10/31/12

SPECIAL OFFER! Save 20% off your order!
Code: go20off5

Pick your code and save:
techsnap7: $7.49 .com
techsnap10: 10% off
techsnap11: $1.99 hosting for the first 3 months
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
techsnapx: 20% off .xxx domains

 

Support the Show:

   

Support the Show: